Microsoft, one of the world’s largest software companies, disclosed on Friday that a state-sponsored Russian hacking group accessed some of its corporate email accounts, including those of its senior leadership team and employees in its cybersecurity and legal departments.
The company said it detected the attack on January 12, 2024, and attributed it to Midnight Blizzard, the Russian intelligence agency-linked group also known as Nobelium. This is the same group that was behind the massive SolarWinds breach in 2020, which compromised several US government agencies and corporations.
Possibility of State Sponsorship
Microsoft disclosed on Friday that a Russian state-sponsored hacking group gained access to some of its corporate email accounts, including those of members of its senior leadership team and employees in its cybersecurity, legal, and other functions.
The software giant said it detected the attack on January 12, 2024, and immediately activated its response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
Microsoft identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium. This is the same group that was behind the so-called SolarWinds breach in 2020, a massive hack of US government agencies and corporations that exposed sensitive data and potentially compromised national security.
How did the hackers get in?
According to Microsoft, the hackers did not exploit any vulnerability in its products or services but rather used a brute-force technique to guess the password of a ‘legacy’ (outdated) account that had limited permissions. The account was not protected by multi-factor authentication, which adds an extra layer of security by requiring a code or a device to verify the user’s identity.
Once the hackers gained access to the account, they used its permissions to view and download some emails and attached documents from a very small percentage of Microsoft corporate email accounts. The company said the hackers seemed to be interested in information about Midnight Blizzard itself, as well as how the US government was responding to its intrusions.
Microsoft said it quickly activated its response process to investigate, disrupt, and mitigate the attack, and deny the hackers further access. The company also said it is in the process of notifying the affected employees and customers, and that there is no evidence that the hackers had any access to customer environments, production systems, source code, or AI systems.
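As an added, defender-side example (not Microsoft's own code or telemetry), the following Python flags the pattern described above: a burst of failed sign-ins against a single account that has no MFA, followed by a successful sign-in. The log format, account names, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real Microsoft logs).
# Format: <UTC timestamp> <account> <SUCCESS|FAILURE> mfa=<method|none>
SAMPLE_LOG = """
2024-01-10T03:00:01Z legacy-test@example.test FAILURE mfa=none
2024-01-10T03:00:09Z legacy-test@example.test FAILURE mfa=none
2024-01-10T03:00:17Z legacy-test@example.test FAILURE mfa=none
2024-01-10T03:00:25Z legacy-test@example.test FAILURE mfa=none
2024-01-10T03:00:33Z legacy-test@example.test FAILURE mfa=none
2024-01-10T03:00:41Z legacy-test@example.test FAILURE mfa=none
2024-01-10T03:00:49Z legacy-test@example.test SUCCESS mfa=none
2024-01-10T08:15:00Z alice@example.test FAILURE mfa=app
2024-01-10T08:15:20Z alice@example.test SUCCESS mfa=app
"""

def parse_line(line):
    """Split one record into (timestamp, account, result, mfa_method)."""
    ts, account, result, mfa = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, result, mfa.split("=", 1)[1]

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {account: finding} for accounts with >= threshold failed sign-ins
    inside any sliding `window`. Each finding records whether MFA was in use
    and whether a SUCCESS followed the failure burst (the sign that a guess landed)."""
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        events[rec[1]].append(rec)
    findings = {}
    for account, recs in events.items():
        recs.sort()
        failures = [ts for ts, _, res, _ in recs if res == "FAILURE"]
        best, start = 0, 0
        for end in range(len(failures)):          # sliding window over failure times
            while failures[end] - failures[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            last_fail = failures[-1]
            findings[account] = {
                "failures_in_window": best,
                "mfa": recs[-1][3],
                "success_after_burst": any(ts > last_fail and res == "SUCCESS"
                                           for ts, _, res, _ in recs),
            }
    return findings
```

A finding with `"mfa": "none"` and `"success_after_burst": True` is the combination worth paging on; an account that only trips the failure threshold but has MFA enforced is a lower-priority lockout or hygiene issue.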
What are the implications of the attack?
The attack is another example of the sophisticated and persistent cyber threats that Microsoft and other organizations face from state-sponsored actors. It also raises questions about the security of Microsoft’s internal systems, especially given its role as a provider of cloud services and software to millions of customers around the world.
The attack also highlights the need for stronger cybersecurity measures, such as multi-factor authentication, encryption, and regular updates, to protect against such attacks. Microsoft said it is taking steps to enhance its security posture and resilience, and urged its customers and partners to do the same.
The attack also underscores the importance of cooperation and information sharing among the public and private sectors to combat cyberattacks. Microsoft said it is working closely with law enforcement and other industry partners to investigate and respond to the attack, and to prevent future incidents.
What is the response from the US government and Russia?
The US government has not yet officially commented on the attack, but it is likely to add to the already strained relations between Washington and Moscow over cybersecurity issues. The Biden administration has imposed sanctions and expelled diplomats in response to the SolarWinds breach and other malicious cyber activities by Russia.
Russia has denied any involvement in the attack and accused the US of making baseless accusations and escalating tensions. Russia has also claimed that it is a victim of cyberattacks by the US and its allies, and called for dialogue and cooperation on cybersecurity matters.